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UNITED STATES INTELLIGENCE BOARD 


INTELLIGENCE RESOURCES ADVISORY COMMITTEE 


USIB/IRAC-D-9. 5/17 
19 September 1975 


MEMORANDUM FOR: The United States Intelligence Board 
The Intelligence Resources Advisory Committee 


SUBJECT : Community-Wide, Computer-Assisted 
Compartmentation Control Systems (4Cs) 


REFERENCES : a. USIB-M-669, 30 May 1974, Item 5 
b. USIB-D-9.5/16, 30 October 1974 


1,. The enclosed memorandum on the subject, with its 
attachment, from the Chairman of the Security Committee is 
circulated for consideration. The Security Committee recommendations 
are contained in paragraph 6 of[-____ ~~ Inemorandum. The 
attachment is a report of the Security Committee Working Group on 
the follow-on study which the Board agreed to support after the 
Security Committee recommended rejection of the CLAIRE concept. 


STAT 


2. It is planned to schedule this subject on the USIB 
agenda for Board consideration at the 25 September meeting. 


STAT 


Acting Executive Secretéry 
Enclosure 
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UNITED STATES INTELLIGENCE BOARD Pneisaute 
SECURITY COMMITTEE USIB/IRAC+-D-9, 5/17 


19 September 1975 


1? September 1975 


MEMORANDUM FOR: Chairman, United States Intelligence Board 


SUBJECT : Community-Wide, Computer-Assisted 
Compartmentation Control System (4Cs) 


REFERENCE : (A) USIB-M-669, 30 May 1974, Item 5 
(B) USIB-D-9.5/16, 30 October 1974 


1. Attached is the report of the Security Committee's 
working group on the follow-on study which the Board agreed to 
support after the Security Committee recommended rejection of 
the CLAIRE concept. 


2. Toward a goal of inducing economy and efficiency 
in the community's management of compartmented clearances, 
the representatives of CIA, DIA, Army, Navy, Air Force, State, 
ERDA and NSA developed and costed a design to meet their 
requirements in this area. The configuration of this system calls 
for a central facility in the form of a secure dedicated minicomputer 
in one agency connected to remote terminals in other agencies. 


3. The design permits registration of approximately 
300, 000 individuals, each of whom can be credited with 1,000 
clearances. The design is open-ended and more storage capacity 
can be added. The design provides for expansion capabilities 
but is limited initially to use in the Washington area. The design 
also provides for a suppression capability to limit access to 
certain personnel and/or clearances to the inputting department 
if this feature is desired. 


4, The central facility would cost approximately $431, 707 


and require monthly personnel costs of $13,333 and maintenance 
costs of $2,267. Departments and agencies perceive the need for 
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Enclosure 
USIB /IRAC-D-9. 5/17 
19 September 1975 


terminals of different configurations to satisfy unique requirements. 
The projected costs of these terminals are: 


Agency Equipments Monthly Maintenance 
DIA $ 72,900 664 
Army 72,900 664 
Air Force 52,822 471 
Navy 69,107 616 
CIA | 61, 237 561 
NSA 37,570 320 
State 32,570 290 
ERDA 29,329 160 


5. The participating members endorse this concept and the 
FBI and Treasury Department, while not represented on the working 
group due to small need for such a facility, also endorse the proposal. 


6. Recommendations 
The Security Committee believes that this computer -assisted 
compartmentation clearance control procedure is feasible and cost- 


effective, and recommends: 


(a) That USIB endorse the concept and authorize 
its implementation. 


(b) That the Office of Joint Computer Services, CIA, 
be designated as executive agent for implementation and 


operation as a service of common concern 


(c) That the CIA fund purchase and maintenance of 
the central facility to be located in CIA. 
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(d) That the departments and agencies fund the costs 
of selection, purchase and installation of terminals configured 
to meet their perceived needs. 


STAT 


Chairman 


Attachment 
4Cs Report 
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Attachment 1 
USIB/IRAC-D-9,. 5/17 


SECURITY COMMITTEE 


WORKING GROUP REPORT 


Requirements for a 
Community - Wide, Computer -Assisted 
Compartmentation Control System 


(July 1975) 


Security Committee Task XI-I 


Attachment: 
Supporting Facts and Observations 
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Attachment l 
USIB/IRAC-D-9. 5/17 


Report of the Working Group of the USIB Security Committee 
on Requirements for a Community-Wide, Computer-Assisted 
Compartmentation Control System 


l. Introduction 


This report was prepared by a Working Group of the Security 
Committee of USIB with representation from CIA, Chairman, DIA, 
Army, Navy, Air Force, NSA, State and ERDA. The FBI and 
Treasury declined participation although they expressed interest 
in the study. 


The report satisfies requirement of a task by the Security 
Committee in November 1974 to conduct a study of the intelligence 
community's requirements and devise a concept for a viable cost- 
effective procedure to assist in control of compartmented accesses. 


The Working Group first assembled requirements of the 
community members and then submitted a statement of needs to 
system design personnel in CIA and DIA for independent feasibility 
and cost studies. The Working Group examined DIA and CIA 
proposals and selected a DIA design which the Working Group calls 
the 'Community-Wide, Computer-Assisted Compartmentation Control 
System!" (4C), 


2. Discussion 


A. The recommended 4C system consists of a dedicated 
mini-computer containing a central data base of intelligence community 
access approvals. The proposed system would be developed in two 
phases: the first phase provides on-line remote update and retrieval 
capabilities within Washington area headquarters offices only; the 
second phase permits an on-line expansion throughout the United 
States. Once implemented, the system would allow participating 
activities direct access to sensitive compartmented information (SCI) 
access approvals for most intelligence community personnel ina 
timely and efficient manner. 
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(1) Benefits from the recommended 4C system as opposed 
to maintaining existing separate systems within the intelligence 
community include: 


a) Improvement of overall efficiency through 
uniformity of approach for security handling within 
the intelligence community. 


b) Cost advantages result which are unattainable 
using existing individual system to achieve the 4C objectives. 


c) Significant reductions in the volume of clearance 
certification message traffic inter- and intra-participating 
organizations. 


d) Continuous rather than limited incumbent and 
billet access verification by Special Security Officer (SSO) 
facilities. 


e) Elimination of need for permanent certifications 
among participating services and agencies. 


f) Significant time savings for outlying Special 
Security Officer sites supporting major headquarters and 
subordinate elements having high volume in personnel and 
billet access requirements. 


g) Elimination of need to contact multiple sources 
for individual billet access approvals. 


(2) Specifically, the recommended system: 


a) Meets the basic objectives as set forth by the 
Chairman, Security Committee, which are: 


1 Permit rapid verification of current (and 
future) SCI access approvals of individuals by any 
intelligence community organization participating 


in the system; 
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2 Provide access control and accounting 
mechanism for intelligence "bigot'' lists and 
"bigoted" programs/projects; 


3 Eliminate individual SCI access control 
systems within participating organizations, 


b) In pursuance of the above objectives, the recommended 
4C system provides the following capabilities: 


l Offers participants an on-line query 
capability using cathode-ray tube terminals (CRT) 
and remote batch terminals (RBT). 


2 Meets the common requirements of all 
‘member organizations for control and management 
of SCI access, and the DoD SCI billet structure. 


3 Provides a "suppression" capability that 
will conceal, at the option of the inputting organization, 
the access authorizations and/or the existence of an 
individual's record from other participants. 


4 Offers features for controlling the access 
of contractors, foreign personnel and others for 
whom ''need to know" or release authority must be 
established prior to each access certification. 


5 Can be expanded throughout the United 
States and eventually overseas, if desired. (See 
Attachment, paragraph 1) 


6 Provides an on-line and batch update 
capability from remote locations and a complete 
audit trail to permit trace of all record changes 
to initiating organization. 


7 Offers a record of access queries to the 
system. 
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B. A system designed in accordance with the 4C User 
Requirements Design Concept is technically feasible using either a 
large scale computer or a mini-computer. The recommended mini- 
computer system offers more advantages than the large-scale computer 
system (See Attachment, paragraph 2), 


C. Estimated costs of a system are outlined below. Costs 
cited are based on dedicated secure communications lines. Any 
existing secure communication links which can be used will reduce 
implementation costs. Detailed cost estimates for the below described 
mini-computer alternatives were derived from the DIA feasibility 
study. 


(1) Minimal System 


Monthly Cost 
ITEM Initial Cost Pers/ Maint 


a) Central System using[ | $ 231, 707 $13, 333/$2267 ST 
System software development 
costs 200, 000 
Subtotal: $431, 707 $13, 333/$2267 


b) One basic query/update device 
w/commo (1200 BPS) per intel- 
ligence community organization. 


8 ea. CRT + character printer 
$147, 680 /$1280 STAT 


MINIMAL SYSTEM TOTAL: * $579, 387 $13, 333/$3547 


-4- STAT 
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(2) Washington Area R4C* 


ITEM Initial Cost Monthly Cost 
Pers/ Maint 
a) Central System $ 231, 707 $13, 333/$2267 STAT 
System software development 
costs. 200, 000 
Subtotal: $431, 707 $13, 333/$2267 


b) Commo (1200 & 4800 BPS and 
terminals (CRT w/k&w/o 
character printers, remote 
batch terminals) 
fulfill Washington area require- 
ments as expressed in R4C concept. $411,291 /$3746 


STAT 


TOTAL: $ 842, 998 $13, 333/$6013 


D. The 4C system is highly cost sensitive to the requirement 
that it be encrypted. The rationale for this requirement is discussed 
in Attachment, paragraph 3. 


E. Time to fully implement the system within the Washington 
area is estimated to be 18 to 30 months from time of USIB approval. 
The longer period considers the normal times required for require- 
ments analysis, system design, interagency coordination, bid request 
preparation/publication, vendor response preparation, vendor selection 
and contract award, software development/equipment receipt and test, 
and system testing and training. The shorter estimate assumes extra- 
ordinary measures can be taken to compress the schedule. These 
might include: commitment of additional in-house systems analysis 
and design personnel, appointment of agency representatives with 


* R4C indicates that members of the intelligence community were 
interviewed to determine what equipment each agency would like to 
have in their terminals to do an adequate job. The exact breakdown 
of equipment suggested by each member was then priced to arrive at 
the $411, 291 figure. 
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plenary acquisition authority, and expeditious provision of necessary 

funding. It also assumes procurement of rom STAT 
existing stockpiles or diversion eee STAT 
two years) from other prgects or programs. The relatively long 

period to achieve operational status within only the Washington area 

is a disadvantage that would accompany the development of nearly 

any automated on-line system embracing the requirements of 


multiple organizations and requiring the procurement of hardware, 
particularly the cryptographic devices. 


F. Achievement of the objectives set forth by the Security 
Committee for creation of a community-wide system by linking 
together the existing systems of intelligence community members 
was not considered cost-effective or feasible. A discussion of this 
alternative is in Attachment, paragraph 4. 


G. Savings might be derived through implementation of the 
4C System (Attachment, paragraph 5). 


3. Conclusions 


A. The 4C System proposal satisfies the tasking requirements 
of the Security Committee. 


B. The 4C System would be cost-effective in consideration 
of an increase in security, savings to be achieved through elimination 
of separate systems, and capability to handle growth rate. 


Cc. The approximate initial costs of the R4C System with 
preferred terminals would be $842, 998 (with a possible variance 
of plus 20% to minus 10%) for implementation within the Washington 
area headquarters sites. Approximately one-half of this amount 
would be devoted to the purchase of desired terminal equipment for 
intelligence community organizations and one-half to equipment 
procurement and software design for the central facility. 
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Attachment 2 
USIB /IRAC-D-9, 5/17 


SUPPORTING FACTS AND OBSERVATIONS 
OF THE WORKING GROUP 


1. Dedicated Communications Line Costs 


These costs are not system sensitive within the Washington area 
and may not be so within CONUS. However, at the point of overseas 
expansion of the system they will certainly become so. At that time 
the feasibility of linking overseas terminals through then existing 
switching systems should be addressed. 


2. Analysis of Relative Merits of Large Scale and Mini-Computer 
in the Implementation of the 4C System 


A. Large Scale Computer: STAT 


(1) Advantages 


b) CIA software (GIM) and software knowledge 
and expertise would expedite system development by 
an estimated ten months, 


(2) Disadvantages 

a) Available (GIM) software cannot provide both 
a "suppression" capability and a capability at remote 
terminals for programming of output products. 

b) "Spillage'' of file data possible due to mixing 


of 4C System with other non-related applications 
possessing their own sets of terminals. 
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c) Backup capability is unknown. It would 
require commitment of additional CIA hardware or 
at least assignment of a precedence to 4C sufficient 
to permit it to displace other applications on other 
hardware. (This requirement represents some as 
yet undefined commitment of additional resources. ) 


d) Expansion potential is uncertain. Other 
systems sharing the computer will compete for 
available capacity as each system expands. Once 
the large scale computer is saturated, there is no 
capability for adding small increments of capacity. 


B. Mini-Computer 
(1) Advantages 


a) Security maximized by not mixing file with 
other applications having separate terminals. 


b) Backup capability achieved through use of 
two mini-computers, a dual processor. Both contribute 
to normal operations; however, if one fails the system 
response is degraded, but it does not cease to function. 
Under normal conditions one mini-computer (processor) 
would support on-line query operations, and the other 
would support batch operations, 


c) Capacity of system can be readily expanded 
when operations dictate this step by purchase and 
installation of an additional mini-computer and disks. 


d) The administrative problems of competing 
priorities with non-related systems sharing the large 
scale computer are avoided. 


e) A "suppression" capability is possible 


without the sacrifice of any terminal programming 
capability. . 
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(2) Disadvantages 


a) Greater initial outlay of funds required. 
The $226, 707 required for the mini-computer hardware 
at the central site would exceed the rental charges 
associated with the CIA large-scale computer until 
approximately five years of operations. 


b) Software preparation will take more time 
due to the lack of an off-the-shelf or a government- 
owned existing system that will completely fulfill 
system requirement. If the suppression" capability 
remains a firm requirement, the time disadvantage 
of the mini-computer disappears as does software 
cost disadvantage (up to $200,000 for mini, something 
less for large scale). 


C. Conclusion 


(1) Time required to procure any additional peripheral 
equipment needed for the central system, encryption devices, 
and terminal equipment for remote sites would presumably be 
the same as for procurement of the mini-computer hardware; 
i.e., time for full implementation would not be appreciably 
shorter than for the mini-computer alternative. 


(2) The mini-computer alternative for implementation 
of the 4C concept would produce a superior system, for about 
the same amount of money and time than the large~scale 
computer alternative would require. 


3. Reasons for System Encryption 


Classification of the system at a level of CONFIDENTIAL is 
in accord with current community usage for extensive collections of 
security access data. 


A. Encryption will prevent undetected, unauthorized 


introduction via line taps of spurious responses to terminal queries 
and will prevent modification of the data base via similar means. 
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B. It will prevent intercept of batch products; e.g., large 
access rosters that would aid a hostile spotting and assessment 
effort or DoD SCI billet rosters from which significant order of 
battle information could be derived. 


4. Modification of Existing Systems to Attain ''Bigot'' List Control 
and Rapid Access Verification Capability 


After examination and discussion with qualified data processing 
systems personnel, this course of action was discarded by the Working 
Group. It would require as much or more effort in software develop- 
ment than would the development of an entirely new system. It would 
take about as long to complete. Major software modifications would 
be required for the systems supporting each agency/department. 
Report and conversion programs would be_needed to channel data to 
a central system, presumably a modified 
No economies of scale or volume would be achieved in such a "patch 
work'' system, and if future modifications became necessary their 
cost could be multiplied by the number of different existing subsystems 
in the network. Sucha "system" would suffer from the deficiencies 
that exist within each of the component systems in timeliness of 
input, data accuracy and, to some degree, information available. 
Time required for full implementation would likely equal that for 
the 4C concept. 


5. Summary of Areas From Which Savings May be Derived Through 
Implementation of the 4C System 


Current system operating costs are difficult to specify since 
most operate on a time-sharing basis using in-house computers. For 
most participants it is reasonable to assume that computer time devoted 
to security support applications will be significantly reduced by the 
transfer of operations to the 4C System. Due to the unique require- 
ments of certain participants, they will continue using their existing 
systems, thus, somewhat reducing the potential for savings. No 
direct security personnel cost reductions can be predicted. Difficult 
to specify but certain cost savings will be achieved through reduction 


STAT 
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of access certification message traffic, reduction in the number of 
times which identical information is input to different data bases, 
decreases in time lost due to visitors awaiting access verification, 
and savings in security processing. 
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